I hope I got the email correct. I'm trying to post to the mailing list.
I want to do the following in htaccess for account security:
SetEnvIf Authorization "^(.*)Account(.*)$" logged_in
Order Allow,Deny
Allow from env=logged_in
AuthType Basic
AuthName "Account"
require group accoun
2009/2/1 Michele Waldman :
The userlist (http://httpd.apache.org/userslist.html) might be a
better place, but...
> I want to do the following in htaccess for account security:
>
>
That would not do what it should do. [^...] is a negated character
class to exclude certain characters but not a spe
RewriteCond has flags -f -d ...
But not -e for exists.
It looks like:
RewriteCond ${REMOTE_USER} !="" always evaluates to true if REMOTE_USER does
not exist. Am I wrong?
I'm thinking about adding a -e flag for environment variable does not exist
to httpd on my server. It would return true if the
evaluate to true?
Michele
-Original Message-
From: Dave Ingram [mailto:d...@dmi.me.uk]
Sent: Friday, February 06, 2009 5:55 AM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
The -f and -d flags for RewriteCond are for checking the file system,
not environment
On Fri, Feb 6, 2009 at 8:49 AM, Michele Waldman wrote:
> I mean to check server environment variables which is what REMOTE_USER is.
This might be better off on us...@httpd.apache.org
> I just want to know if the variable is defined on the server then I could do
> this:
>
> RewriteEngine On
> Rew
The -f and -d flags for RewriteCond are for checking the file system,
not environment variables, although they can use environment variables
if necessary. For example:
RewriteCond %{DOCUMENT_ROOT}/%{ENV:foo} -d
would check that the folder named by the environment variable "foo"
exists in the docu
The isn't one. I'm talking about writing it.
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Friday, February 06, 2009 9:24 AM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
On Fri, Feb 6, 2009 at 8:49 AM, Michele Waldman
iday, February 06, 2009 3:05 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
> I'm thinking about adding a -e flag for environment
> variable does not exist to httpd on my server.
> It would return true if the variable exists
> or false, other
I don't drink that frequently, but when I do I get chatty, even on the
computer.
-Original Message-
From: Ray Morris [mailto:supp...@bettercgi.com]
Sent: Sunday, February 08, 2009 8:00 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
> Sorry, a
Lol. I'm using the proper syntax on the server. Just checked.
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Thursday, February 12, 2009 2:49 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
On Thu, Feb 12, 2009 at 2:25 PM, Mi
On Thu, Feb 12, 2009 at 3:27 PM, Michele Waldman wrote:
>>> RewriteCond ${REMOTE_USER} . does not seem to work when the REMOTE_USER is
>>> not defined. The statement evaluates to true.
>>
>> What happens when you use the proper syntax, %{REMOTE_USER}?
> Lol. I'm using the proper syntax on the
al Message-
From: Michele Waldman [mailto:mmwald...@nyc.rr.com]
Sent: Thursday, February 12, 2009 3:28 PM
To: modules-dev@httpd.apache.org
Subject: RE: Making mod_auth_digest mysql
Lol. I'm using the proper syntax on the server. Just checked.
-Original Message-
From: Eric Coven
In ff, the user hits the backpage button.
4) The user gets a dialog box to login rather than being redirected.
Michele
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Thursday, February 12, 2009 3:44 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_d
On Thu, Feb 12, 2009 at 3:44 PM, Michele Waldman wrote:
> Basically, when I user is logged out, %{REMOTE_USER} is not defined. It
> seems any rewritecode using an undefined server environment variable always
> evaluates to true. I don't want this. I want false if not defined. I'm
> going to ha
On Thu, Feb 12, 2009 at 3:49 PM, Michele Waldman wrote:
> I'm doing this:
>
> RewriteEngine On
> RewriteCond %{REMOTE_USER} .
> RewriteRule ^.*$ - [S=1]
> RewriteRule ^.*$ http://domain/logged_out.html?%{N} [R]
>
> AuthType Digest
> AuthName "account"
> AuthUserFile /path/.htpasswd
> Require valid
Michele Waldman wrote:
I'm doing this:
RewriteEngine On
RewriteCond %{REMOTE_USER} .
RewriteRule ^.*$ - [S=1]
RewriteRule ^.*$ http://domain/logged_out.html?%{N} [R]
AuthType Digest
AuthName "account"
AuthUserFile /path/.htpasswd
Require valid-user
1) The user is logged in.
2) The user logs
There is not authentication requirement for logged_out it's in a higher
directory.
-Original Message-
From: Joe Lewis [mailto:j...@joe-lewis.com]
Sent: Thursday, February 12, 2009 4:46 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman
Michele Waldman wrote:
There is not authentication requirement for logged_out it's in a higher
directory.
Okay, then. I'm afraid I am not understanding everything here. I doubt
the wheel needs to be reimplemented, but it seems the push is in that
direction. For my feeble mind, can you give
igest authenticating against mysql was all part
of this.
Michele
-Original Message-
From: Joe Lewis [mailto:j...@joe-lewis.com]
Sent: Thursday, February 12, 2009 6:39 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman wrote:
> There is not authen
Michele Waldman wrote:
It is different that just authenticating.
Due to an htaccess authentication implementation, it requires a work around
to prevent those pesky popups the browsers produce.
I'm trying to do a spin on this:
http://www.berenddeboer.net/rest/authentication.html
Implementing th
ache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman wrote:
> It is different that just authenticating.
>
> Due to an htaccess authentication implementation, it requires a work
around
> to prevent those pesky popups the browsers produce.
>
> I'm trying to do a spin
Michele Waldman wrote:
All the actual authentication if fine. I wouldn't rely on cookies for
security. It sounds like cookies would be a "fake" security.
I was thinking about creating a logout cookie.
Then, the popup would only happen if the user hacked their cookies.
Shame on them.
But it
22 matches
Mail list logo
